
Redirects After Search Items Are Clicked


  • This topic is locked
9 replies to this topic

#1 250gibson


Posted 22 January 2008 - 02:39 PM

I have recently encountered a problem. Whenever I search for a topic and click on the results, I get redirected to a variety of different sites. This doesn't happen all the time, but happens quite frequently. I ran all the suggested ad/spyware removers, and updated and ran my Sophos anti-virus. Ad-Aware found some tracking cookies, which I removed, but the problem is still happening, even after all the removers show a clean system. Please help.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:57 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\vd3_sys.dat
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110162971524
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://rockofages.webex.com/client/T23L/webex/ieatgpc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7146 bytes



#2 OldTimer


    Malware Expert



Posted 28 January 2008 - 12:44 PM

Hello 250gibson and welcome to the BC HijackThis forum. Let's see what else we can find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 250gibson


Posted 28 January 2008 - 01:36 PM

Ok, here is the report:

WinPFind35 logfile created on: 1/28/2008 1:31:36 PM
WinPFind35U Version Beta39	 Folder = C:\Documents and Settings\christiansen\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
 
383.23 Mb Total Physical Memory | 124.78 Mb Available Physical Memory | 32.56% Memory free
919.38 Mb Paging File | 658.34 Mb Available in Paging File | 71.61% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.87 Gb Total Space | 15.83 Gb Free Space | 56.79% Space Free | Partition Type: NTFS
Drive D: | 217.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ROARET021
Current User Name: christiansen
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 389120 bytes | Modified Date = 8/31/2004 9:38:00 PM | Attr =	]
savservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> Sophos Plc [Ver = 1.0.0.3755 | Size = 98304 bytes | Modified Date = 11/12/2007 12:08:37 PM | Attr =	]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 45 | Size = 389120 bytes | Modified Date = 9/7/2004 5:08:02 PM | Attr =	]
ati2evxx.exe -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 389120 bytes | Modified Date = 8/31/2004 9:38:00 PM | Attr =	]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 5:02:40 PM | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 5:05:10 PM | Attr =	]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 5:12:32 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 1, 33 | Size = 245760 bytes | Modified Date = 9/7/2004 5:03:40 PM | Attr =	]
basfipm.exe -> %System32%\BAsfIpM.exe -> Broadcom Corp. [Ver = 6.0.3 | Size = 77824 bytes | Modified Date = 4/17/2003 1:00:12 PM | Attr =	]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 5:02:04 PM | Attr =	]
savadminservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 69632 bytes | Modified Date = 8/10/2007 11:46:23 AM | Attr =	]
alsvc.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> Sophos Plc [Ver = 3.7.18.131 | Size = 172032 bytes | Modified Date = 4/3/2007 2:28:46 AM | Attr =	]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe ->  [Ver = 1, 0, 0, 1 | Size = 610304 bytes | Modified Date = 10/7/2004 8:44:14 PM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 2:49:00 PM | Attr =	]
almon.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> Sophos Plc [Ver = 3.10.54.138 | Size = 245760 bytes | Modified Date = 6/21/2007 5:18:00 AM | Attr =	]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 6:28:24 PM | Attr =	]
nkvmon.exe -> %ProgramFiles%\Nikon\NkView6\NkvMon.exe -> Nikon Corporation [Ver = 6, 0, 0, 3000 | Size = 237568 bytes | Modified Date = 12/4/2002 10:52:48 AM | Attr =	]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 11:14:36 AM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 1/28/2008 12:03:42 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 389120 bytes | Modified Date = 8/31/2004 9:38:00 PM | Attr =	]
(BAsfIpM) Broadcom ASF IP monitoring service v6.0.3 [Win32_Own | Auto | Running] -> %System32%\BAsfIpM.exe -> Broadcom Corp. [Ver = 6.0.3 | Size = 77824 bytes | Modified Date = 4/17/2003 1:00:12 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 5:02:40 PM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 11:14:36 AM | Attr =	]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 5:02:04 PM | Attr =	]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 5:05:10 PM | Attr =	]
(SAVAdminService) Sophos Anti-Virus status reporter [Win32_Own | Unknown | Running] ->  -> File not found
(SAVService) Sophos Anti-Virus [Win32_Own | Unknown | Running] ->  -> File not found
(Sophos AutoUpdate Service) Sophos AutoUpdate Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> Sophos Plc [Ver = 3.7.18.131 | Size = 172032 bytes | Modified Date = 4/3/2007 2:28:46 AM | Attr =	]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 5:12:32 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %System32%\DRIVERS\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.1.0.1 | Size = 17056 bytes | Modified Date = 2/22/2005 10:49:16 PM | Attr =	]
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 2:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr =	]
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.5.1.271 | Size = 108791 bytes | Modified Date = 11/16/2004 11:03:52 AM | Attr =	]
(APPDRV) APPDRV [Kernel | System | Running] -> %System32%\DRIVERS\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 6/30/2004 11:39:36 AM | Attr =	]
(asc) asc [Kernel | Boot | Running] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 2:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Boot | Running] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 2:51:58 PM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6476 | Size = 788480 bytes | Modified Date = 8/31/2004 9:40:00 PM | Attr =	]
(b57w2k) Broadcom 570x Gigabit Integrated Controller [Kernel | On_Demand | Running] -> %System32%\DRIVERS\b57xp32.sys -> Broadcom Corporation [Ver = 6.64.0.0 built by: WinDDK | Size = 175360 bytes | Modified Date = 5/21/2003 7:47:12 PM | Attr =	]
(BASFND) BASFND [Kernel | Auto | Running] -> %System32%\DRIVERS\BASFND.sys -> Broadcom Corporation [Ver = 6.0.0.0 | Size = 6025 bytes | Modified Date = 4/24/2003 5:21:50 PM | Attr =	]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %System32%\DRIVERS\cdr4_xp.sys -> Roxio [Ver = 5.3.4.21 | Size = 61424 bytes | Modified Date = 12/17/2002 1:32:58 PM | Attr =	]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %System32%\DRIVERS\cdralw2k.sys -> Roxio [Ver = 5.3.4.21 | Size = 23436 bytes | Modified Date = 12/17/2002 1:32:46 PM | Attr =	]
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %System32%\DRIVERS\cdudf_xp.sys -> Roxio [Ver = 5.3.4.21 built by: WinDDK | Size = 241152 bytes | Modified Date = 12/17/2002 1:27:32 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 2:51:54 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 2:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMBOOT.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\DMIO.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(DS1410D) DS1410D [Kernel | Auto | Running] -> %System32%\DRIVERS\DS1410D.SYS -> Dallas Semiconductor MAXIM [Ver = 3, 0, 0, 0 | Size = 6689 bytes | Modified Date = 7/7/2005 2:17:22 PM | Attr =	]
(DS2490) DS2490 (USB Host for 1-Wire Network) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\DS2490.sys -> Dallas Semiconductor MAXIM [Ver = 0.0082 | Size = 50036 bytes | Modified Date = 7/7/2005 2:17:20 PM | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\Dvd_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 25898 bytes | Modified Date = 2/22/2005 10:56:07 PM | Attr =	]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\E100B325.SYS -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 1:12:10 PM | Attr =	]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 7/28/2005 8:11:20 PM | Attr =	]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 7/28/2005 8:11:20 PM | Attr =	]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 7/28/2005 8:11:21 PM | Attr =	]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 200064 bytes | Modified Date = 6/17/2004 4:57:02 PM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 6/17/2004 4:55:04 PM | Attr =	]
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\iwca.sys -> Intel Corporation [Ver = 9.00.0.17 built by: WinDDK | Size = 234496 bytes | Modified Date = 8/12/2004 9:44:04 AM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 1:04:14 PM | Attr =	]
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %System32%\DRIVERS\Mmc_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 30630 bytes | Modified Date = 2/22/2005 10:56:07 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\NV4_MINI.SYS -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 11:29:56 PM | Attr =	]
(O2SCBUS) O2Micro SmartCardBus Reader [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ozscr.sys -> O2Micro [Ver = 3, 0, 0, 1 | Size = 91823 bytes | Modified Date = 7/9/2004 2:47:54 PM | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 2/13/2004 11:46:00 AM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %System32%\DRIVERS\pwd_2K.sys -> Roxio [Ver = 5.3.4.59 | Size = 143834 bytes | Modified Date = 2/22/2005 10:56:07 PM | Attr =	]
(ql1080) ql1080 [Kernel | Boot | Running] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Boot | Running] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Boot | Running] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 2:52:18 PM | Attr =	]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\DRIVERS\s24trans.sys -> Intel Corporation [Ver = 9, 0, 0, 3 | Size = 11354 bytes | Modified Date = 8/31/2004 9:53:04 AM | Attr =	]
(SAVOnAccessControl) SAVOnAccessControl [File_System | System | Running] -> %System32%\DRIVERS\savonaccesscontrol.sys -> Sophos Plc [Ver = 3.7.2.250 | Size = 101120 bytes | Modified Date = 9/10/2007 7:09:23 AM | Attr =	]
(SAVOnAccessFilter) SAVOnAccessFilter [File_System | System | Running] -> %System32%\DRIVERS\savonaccessfilter.sys -> Sophos Plc [Ver = 3.7.2.250 | Size = 33408 bytes | Modified Date = 9/10/2007 7:08:52 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %System32%\DRIVERS\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr =	]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr =	]
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %System32%\DRIVERS\stac97.sys -> SigmaTel, Inc. [Ver = 5.10.3952 | Size = 264440 bytes | Modified Date = 11/15/2004 4:37:52 PM | Attr =	]
(symc810) symc810 [Kernel | Boot | Running] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 3:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 3:07:36 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 3:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 3:07:42 PM | Attr =	]
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %System32%\DRIVERS\udfreadr_xp.sys -> Roxio [Ver = 5.3.4.60 built by: WinDDK | Size = 206464 bytes | Modified Date = 2/22/2005 10:56:07 PM | Attr =	]
(ultra) ultra [Kernel | Boot | Running] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 2:52:22 PM | Attr =	]
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\w29n51.sys -> Intel® Corporation [Ver = 9000-61 Driver | Size = 3210496 bytes | Modified Date = 10/21/2004 4:56:04 PM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 6/17/2004 4:55:38 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:55 PM | Attr =	]
Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe ->  [Ver = 1, 0, 0, 1 | Size = 610304 bytes | Modified Date = 10/7/2004 8:44:14 PM | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 2:49:00 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\AutoUpdate Monitor.lnk -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> Sophos Plc [Ver = 3.10.54.138 | Size = 245760 bytes | Modified Date = 6/21/2007 5:18:00 AM | Attr =	]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 6:28:24 PM | Attr =	]
%AllUsersStartup%\NkvMon.exe.lnk -> %ProgramFiles%\Nikon\NkView6\NkvMon.exe -> Nikon Corporation [Ver = 6, 0, 0, 3000 | Size = 237568 bytes | Modified Date = 12/4/2002 10:52:48 AM | Attr =	]
< christiansen Startup Folder > -> C:\Documents and Settings\christiansen\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL -> %ProgramFiles%\Sophos\Sophos Anti-Virus\sophos_detoured.dll ->  [Ver =  | Size = 172032 bytes | Modified Date = 11/12/2007 1:34:04 PM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe																																																										  "C:\Program Files\Common Files\System\svchost.exe" -> explorer.exe																																																										  "%CommonProgramFiles%\System\svchost.exe -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %System32%\ati2evxx.dll ->  [Ver =  | Size = 86016 bytes | Modified Date = 8/31/2004 9:38:00 PM | Attr =	]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 9/7/2004 5:08:06 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dell.com -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.dell.com/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1593 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr =	]
{FDEA2C12-A476-A13C-2B4C-A3BD546315C2} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\vd3_sys.dat [] ->  [Ver =  | Size = 56832 bytes | Modified Date = 1/21/2008 4:44:54 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{653D93AF-C741-4e5e-8C1B-59BA43F93E16}:Exec ->  [Panda ActiveScan] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1F44C0FB-303F-4C43-8FAE-98163AAC2F8F} ->	(Broadcom 570x Gigabit Integrated Controller) -> 
{A59EAF9B-26D0-4833-9668-6D1FFD11419B} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc2.cab[Office Update Installation Engine] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110162971524[WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}[HKEY_LOCAL_MACHINE] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx[Get_ActiveX Control] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://rockofages.webex.com/client/T23L/webex/ieatgpc.cab[GpcContainer Class] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %System32%\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1108 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\SCECLI.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\NTMARTA.DLL [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\SYSTEM32\IISSUBA.DLL [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 31139 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\IPNATHLP.DLL [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 3.8.0.5004 | Size = 405583 bytes | Modified Date = 1/4/2005 10:50:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 3.8.0.5004 | Size = 962638 bytes | Modified Date = 1/4/2005 10:49:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 5:59:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll [139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll [445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll [137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll [138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\WUAUSERV.DLL [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\REGSVC.DLL [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\SYSTEM32\TLNTSVR.EXE [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Created Date = 1/21/2008 9:26:47 PM | Attr =	]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Created Date = 1/22/2008 1:24:32 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/22/2008 1:25:07 PM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Created Date = 1/21/2008 11:09:25 PM | Attr =	]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 1/22/2008 1:24:36 PM | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 1/22/2008 1:24:35 PM | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 1/22/2008 1:24:37 PM | Attr =	]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 1/22/2008 1:25:07 PM | Attr =	]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 1/21/2008 11:06:33 PM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 1/21/2008 11:06:16 PM | Attr =  H ]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 1/21/2008 11:07:03 PM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 1/21/2008 11:11:35 PM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 1/21/2008 11:02:45 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 1/22/2008 12:49:41 PM | Attr =  H ]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 1/21/2008 11:09:29 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/22/2008 12:05:19 AM | Attr =	]
fixes -> %UserDesktop%\fixes ->  [Folder | Created Date = 1/22/2008 2:40:46 PM | Attr =	]
scan.bmp -> %UserDesktop%\scan.bmp ->  [Ver =  | Size = 9670566 bytes | Created Date = 1/24/2008 10:15:25 AM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 1/28/2008 1:30:29 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478982 bytes | Created Date = 1/28/2008 1:29:50 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 1/22/2008 12:06:37 AM | Attr =  H ]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Modified Date = 1/22/2008 2:14:10 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 401911808 bytes | Modified Date = 1/28/2008 10:09:43 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/22/2008 2:32:29 PM | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/22/2008 10:58:36 PM | Attr =	]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Modified Date = 1/22/2008 1:25:36 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 1/21/2008 11:04:04 PM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/28/2008 11:24:09 AM | Attr =	]
CONFIG -> %System32%\CONFIG ->  [Folder | Modified Date = 1/21/2008 11:09:34 PM | Attr =	]
DLLCACHE -> %System32%\DLLCACHE ->  [Folder | Modified Date = 1/22/2008 4:57:57 PM | Attr = RHS]
DRIVERS -> %System32%\DRIVERS ->  [Folder | Modified Date = 1/22/2008 12:05:27 AM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 1/21/2008 11:12:03 PM | Attr =	]
FxsTmp -> %System32%\FxsTmp ->  [Folder | Modified Date = 1/24/2008 10:15:19 AM | Attr =	]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 1/22/2008 1:24:37 PM | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 1/22/2008 1:24:36 PM | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 1/22/2008 1:24:37 PM | Attr =	]
WPA.DBL -> %System32%\WPA.DBL ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/28/2008 10:06:46 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/22/2008 10:28:13 AM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 1/21/2008 11:06:33 PM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 1/21/2008 11:06:16 PM | Attr =  H ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/28/2008 10:09:46 AM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 1/28/2008 10:09:50 AM | Attr =  HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/22/2008 1:24:33 PM | Attr =   S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/21/2008 11:14:53 PM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 1/21/2008 11:08:52 PM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 1/21/2008 11:11:35 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 1/21/2008 11:12:39 PM | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 1/22/2008 4:58:09 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/22/2008 12:06:38 AM | Attr =  HS]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 1/21/2008 11:09:12 PM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 1/22/2008 11:09:01 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 1/22/2008 12:49:41 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/28/2008 1:30:30 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 1/24/2008 4:16:14 PM | Attr =  H ]
SYSTEM32 -> %System32% ->  [Folder | Modified Date = 1/25/2008 3:03:32 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 1/28/2008 1:29:02 PM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 1/21/2008 11:09:29 PM | Attr =	]
WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 727 bytes | Modified Date = 1/22/2008 1:46:10 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/28/2008 10:10:00 AM | Attr =  H ]
Spybot - Search & Destroy -  Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy -  Scheduled Task.job ->  [Ver =  | Size = 344 bytes | Modified Date = 1/28/2008 10:09:59 AM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 1/22/2008 10:28:34 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 1/22/2008 10:28:34 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 3/6/2005 9:52:41 PM | Attr =	]
TD76J.com%2Fsearch%3Fp%3Dmyspace%26fr%3Dyfp-t-501%26toggle%3D1%26cop%3Dmss%26ei%3DUTF-8&cc=-383&flash=8&u_h=840&u_w=1120&u_ah=840&u_aw=1120&u_cd=32&u_tz=-240&u_his=3&u_java=true -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\0HAVOPEZ\TD76J.com -> File not found
GPInstall.exe -> C:\Documents and Settings\christiansen\Local Settings\Temp\GPInstall.exe -> Qsc [Ver = 5.0.3.32 | Size = 796672 bytes | Modified Date = 7/15/2005 10:36:23 AM | Attr =	]
rw2_021_w02_enu.exe -> C:\Documents and Settings\christiansen\Local Settings\Temp\rw2_021_w02_enu.exe -> Hewlett-Packard Company [Ver = AIO_002_004_001_021_web_1.0 | Size = 174207416 bytes | Modified Date = 3/7/2007 5:09:09 PM | Attr =	]
795 C:\Documents and Settings\christiansen\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\christiansen\Local Settings\Temp\*.tmp -> 
IsUninst.Exe -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.Exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 10/29/1998 3:45:06 PM | Attr =	]
IsUninst.Exe -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\IsUninst.Exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 10/29/1998 3:45:06 PM | Attr =	]
IsUninst.Exe -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\IsUninst.Exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 10/29/1998 3:45:06 PM | Attr =	]
ZDataI51.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\ZDataI51.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/23/2005 2:33:52 PM | Attr =	]
_WUTL951.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\_WUTL951.DLL -> InstallShield Software Corporation [Ver = 5, 50, 132, 0 | Size = 46592 bytes | Modified Date = 9/23/2005 2:33:52 PM | Attr =	]
1360ca5.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\1360ca5.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 9/22/1998 6:05:48 PM | Attr =	]
Ctl3d32.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/13/1995 5:46:26 PM | Attr =	]
ZDataI51.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\ZDataI51.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/23/2005 2:34:27 PM | Attr =	]
_WUTL951.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\_WUTL951.DLL -> InstallShield Software Corporation [Ver = 5, 50, 132, 0 | Size = 46592 bytes | Modified Date = 9/23/2005 2:34:27 PM | Attr =	]
13692b5.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\13692b5.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 9/22/1998 6:05:48 PM | Attr =	]
Ctl3d32.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/13/1995 5:46:26 PM | Attr =	]
ZDataI51.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\ZDataI51.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/23/2005 2:35:04 PM | Attr =	]
_WUTL951.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\_WUTL951.DLL -> InstallShield Software Corporation [Ver = 5, 50, 132, 0 | Size = 46592 bytes | Modified Date = 9/23/2005 2:35:04 PM | Attr =	]
1372191.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\1372191.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 9/22/1998 6:05:48 PM | Attr =	]
Ctl3d32.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/13/1995 5:46:26 PM | Attr =	]
eBayISAPI[1].dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L2FCDE7\eBayISAPI[1].dll ->  [Ver =  | Size = 7437 bytes | Modified Date = 3/15/2007 4:57:29 PM | Attr =	]
index.dat -> C:\Documents and Settings\christiansen\Local Settings\Temp\Cookies\index.dat ->  [Ver =  | Size = 49152 bytes | Modified Date = 6/18/2007 3:41:55 PM | Attr =	]
index.dat -> C:\Documents and Settings\christiansen\Local Settings\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 114688 bytes | Modified Date = 6/18/2007 3:41:55 PM | Attr =	]
index.dat -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 1392640 bytes | Modified Date = 6/18/2007 3:41:55 PM | Attr =	]
RunTime.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\RunTime.ini ->  [Ver =  | Size = 578 bytes | Modified Date = 6/26/2007 8:50:44 AM | Attr =	]
{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini ->  [Ver =  | Size = 643 bytes | Modified Date = 12/27/2007 11:29:52 AM | Attr =	]
795 C:\Documents and Settings\christiansen\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\christiansen\Local Settings\Temp\*.tmp -> 
Corecomp.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 1/12/1999 10:48:42 AM | Attr =	]
Corecomp.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 1/12/1999 10:48:42 AM | Attr =	]
Corecomp.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 1/12/1999 10:48:42 AM | Attr =	]
settings.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\GLF4.tmp\settings.ini ->  [Ver =  | Size = 237 bytes | Modified Date = 2/17/2006 3:09:25 PM | Attr =	]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\0HAVOPEZ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\4LQNWPQJ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L2FCDE7\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\GH6B496N\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
ALUpdate.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ALUpdate.exe -> Sophos Plc [Ver = 5.4.13.143 | Size = 602112 bytes | Modified Date = 8/1/2007 7:53:07 AM | Attr =	]
ConfigureSAV.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\ConfigureSAV.exe ->  [Ver =  | Size = 94208 bytes | Modified Date = 8/13/2007 11:59:52 AM | Attr =	]
sav32cli.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\sav32cli.exe -> Sophos Plc [Ver = 2.09.000 | Size = 203832 bytes | Modified Date = 10/1/2007 5:15:45 AM | Attr =	]
SAVAdminService.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 69632 bytes | Modified Date = 8/10/2007 11:46:23 AM | Attr =	]
SAVCleanupService.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SAVCleanupService.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 90112 bytes | Modified Date = 3/9/2007 3:28:15 AM | Attr =	]
SavService.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavService.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 98304 bytes | Modified Date = 8/10/2007 11:46:14 AM | Attr =	]
BackgroundScanClient.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\BackgroundScanClient.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 45624 bytes | Modified Date = 3/9/2007 3:50:06 AM | Attr =	]
SavMain.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavMain.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 1997880 bytes | Modified Date = 8/10/2007 11:58:38 AM | Attr =	]
SavProgress.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavProgress.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 556088 bytes | Modified Date = 8/10/2007 11:58:40 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\Win2K\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 17920 bytes | Modified Date = 3/9/2007 3:56:37 AM | Attr =	]
native.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinLH_AMD64\native.exe ->  [Ver =  | Size = 40448 bytes | Modified Date = 4/2/2007 9:23:26 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinLH_AMD64\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 22528 bytes | Modified Date = 3/9/2007 3:56:19 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinLH_i386\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 17920 bytes | Modified Date = 3/9/2007 3:56:37 AM | Attr =	]
native.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinLH_IA64\native.exe ->  [Ver =  | Size = 78336 bytes | Modified Date = 4/2/2007 9:23:30 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinLH_IA64\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 46080 bytes | Modified Date = 3/9/2007 3:56:28 AM | Attr =	]
native.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinXP_AMD64\native.exe ->  [Ver =  | Size = 40448 bytes | Modified Date = 4/2/2007 9:23:26 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinXP_AMD64\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 22528 bytes | Modified Date = 3/9/2007 3:56:19 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinXP_i386\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 17920 bytes | Modified Date = 3/9/2007 3:56:37 AM | Attr =	]
native.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinXP_IA64\native.exe ->  [Ver =  | Size = 78336 bytes | Modified Date = 4/2/2007 9:23:30 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinXP_IA64\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 46080 bytes | Modified Date = 3/9/2007 3:56:28 AM | Attr =	]
ALUpdate.exe -> C:\WINDOWS\Temp\sotmp1.dir\ALUpdate.exe -> Sophos plc [Ver = 3.4.27.1 | Size = 184320 bytes | Modified Date = 11/24/2005 10:31:27 AM | Attr =	]
boost_date_time-vc71-mt-1_32.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll ->  [Ver =  | Size = 45056 bytes | Modified Date = 4/2/2007 4:07:13 AM | Attr =	]
ChannelUpdater.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ChannelUpdater.dll -> Sophos Plc [Ver = 1.0.7.143 | Size = 94208 bytes | Modified Date = 8/1/2007 7:52:32 AM | Attr =	]
CidSync.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\CidSync.dll -> Sophos Plc [Ver = 3.2.3.131 | Size = 176128 bytes | Modified Date = 4/10/2007 11:00:36 AM | Attr =	]
crypto.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\crypto.dll ->  [Ver =  | Size = 20480 bytes | Modified Date = 4/3/2007 2:17:01 AM | Attr =	]
InstlMgr.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\InstlMgr.dll ->  [Ver = 1.0.3.1 | Size = 86016 bytes | Modified Date = 3/21/2006 2:38:51 PM | Attr =	]
libcurl.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\libcurl.dll -> The cURL library, http://curl.haxx.se/ [Ver = 7.15.0 | Size = 159744 bytes | Modified Date = 1/11/2007 9:31:51 AM | Attr =	]
libeay32.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\libeay32.dll ->  [Ver =  | Size = 745472 bytes | Modified Date = 3/30/2007 10:12:11 AM | Attr =	]
Logger.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\Logger.dll ->  [Ver = 1.0.7.1 | Size = 266240 bytes | Modified Date = 3/21/2006 2:38:48 PM | Attr =	]
MSVCP71.DLL -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\MSVCP71.DLL -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 7/2/2005 6:15:26 AM | Attr =	]
MSVCR71.DLL -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\MSVCR71.DLL -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 7/2/2005 6:15:36 AM | Attr =	]
retailer.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\retailer.dll -> Sophos Plc [Ver = 1.1.7.144 | Size = 208896 bytes | Modified Date = 8/1/2007 7:52:03 AM | Attr =	]
SharedRes.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\SharedRes.dll -> Sophos Plc [Ver = 1.4.38.131 | Size = 18432 bytes | Modified Date = 4/3/2007 2:24:06 AM | Attr =	]
xmlcpp.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmlcpp.dll ->  [Ver =  | Size = 14336 bytes | Modified Date = 4/3/2007 2:17:03 AM | Attr =	]
xmlparse.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmlparse.dll ->  [Ver =  | Size = 57344 bytes | Modified Date = 3/30/2007 10:05:41 AM | Attr =	]
xmltok.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmltok.dll ->  [Ver =  | Size = 73728 bytes | Modified Date = 3/30/2007 10:04:58 AM | Attr =	]
detoured.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\detoured.dll -> Sophos Plc [Ver = 1.0.0.3741 | Size = 173056 bytes | Modified Date = 9/21/2007 5:56:35 AM | Attr =	]
osdp.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\osdp.dll -> Sophos Plc [Ver = 1.37.1501 | Size = 94208 bytes | Modified Date = 10/1/2007 5:05:42 AM | Attr =	]
savi.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\savi.dll -> Sophos Plc [Ver = 6.2.0.0300 | Size = 385024 bytes | Modified Date = 10/1/2007 5:05:35 AM | Attr =	]
Setup.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\Setup.dll -> Sophos Plc [Ver = 1.0.0.3741 | Size = 712704 bytes | Modified Date = 9/21/2007 5:50:30 AM | Attr =	]
veex.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\veex.dll -> Sophos Plc [Ver = 2.51.0.0300 | Size = 1568768 bytes | Modified Date = 10/1/2007 5:09:13 AM | Attr =	]
SAVPosturePlugin.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\Common\Cisco Systems\CiscoTrustAgent\Plugins\Install\SAVPosturePlugin.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 102400 bytes | Modified Date = 3/9/2007 3:28:41 AM | Attr =	]
Categories.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Categories.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 7168 bytes | Modified Date = 3/9/2007 3:56:05 AM | Attr =	]
msvcp71.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\msvcp71.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 3/19/2003 12:14:51 AM | Attr =	]
msvcr71.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\msvcr71.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 2/21/2003 7:42:21 AM | Attr =	]
SAVMSCM.DLL -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SAVMSCM.DLL -> Sophos Plc [Ver = 2.00.1501 | Size = 110592 bytes | Modified Date = 10/1/2007 5:24:49 AM | Attr =	]
SavNeutralRes.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavNeutralRes.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 651264 bytes | Modified Date = 3/9/2007 3:52:32 AM | Attr =	]
SavRes.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavRes.dll -> Sophos Plc [Ver = 1.0.0.3732 | Size = 466944 bytes | Modified Date = 8/21/2007 10:29:59 AM | Attr =	]
SavResChs.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResChs.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 151552 bytes | Modified Date = 5/18/2007 10:24:50 AM | Attr =	]
SavResCht.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResCht.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 151552 bytes | Modified Date = 5/18/2007 10:25:29 AM | Attr =	]
SavResDeu.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResDeu.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 163840 bytes | Modified Date = 5/18/2007 10:26:08 AM | Attr =	]
SavResEng.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResEng.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 151552 bytes | Modified Date = 5/18/2007 10:18:01 AM | Attr =	]
SavResEsp.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResEsp.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 155648 bytes | Modified Date = 5/18/2007 10:27:27 AM | Attr =	]
SavResFra.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResFra.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 163840 bytes | Modified Date = 5/18/2007 10:26:48 AM | Attr =	]
SavResIt.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResIt.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 163840 bytes | Modified Date = 5/18/2007 10:28:07 AM | Attr =	]
SavResJap.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResJap.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 151552 bytes | Modified Date = 5/18/2007 10:28:47 AM | Attr =	]
SavShellExtIa64.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavShellExtIa64.dll -> Sophos Plc [Ver = 1.0.0.3110 | Size = 1186304 bytes | Modified Date = 4/2/2007 9:25:22 AM | Attr =	]
SavShellExtX64.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavShellExtX64.dll -> Sophos Plc [Ver = 1.0.0.3110 | Size = 742912 bytes | Modified Date = 4/2/2007 9:24:28 AM | Attr =	]
AuthorisedLists.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\AuthorisedLists.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 147456 bytes | Modified Date = 8/10/2007 11:45:38 AM | Attr =	]
BackgroundScanning.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\BackgroundScanning.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 77824 bytes | Modified Date = 3/9/2007 3:47:20 AM | Attr =	]
ComponentManager.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ComponentManager.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 81920 bytes | Modified Date = 3/9/2007 3:29:16 AM | Attr =	]
Configuration.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Configuration.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 274432 bytes | Modified Date = 8/10/2007 11:49:26 AM | Attr =	]
DesktopMessaging.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\DesktopMessaging.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 327680 bytes | Modified Date = 5/18/2007 9:23:04 AM | Attr =	]
DriveProcessor.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\DriveProcessor.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 147456 bytes | Modified Date = 3/9/2007 3:25:12 AM | Attr =	]
EEConsumer.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\EEConsumer.dll -> Sophos Plc [Ver = 1.0.0.3170 | Size = 110592 bytes | Modified Date = 6/25/2007 10:09:12 AM | Attr =	]
FilterProcessors.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\FilterProcessors.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 233472 bytes | Modified Date = 8/10/2007 11:56:42 AM | Attr =	]
FSDecomposer.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\FSDecomposer.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 98304 bytes | Modified Date = 8/10/2007 11:56:50 AM | Attr =	]
ICAdapter.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ICAdapter.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 98304 bytes | Modified Date = 5/18/2007 9:22:12 AM | Attr =	]
ICManagement.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ICManagement.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 274432 bytes | Modified Date = 8/10/2007 11:47:00 AM | Attr =	]
ICProcessors.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ICProcessors.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 258048 bytes | Modified Date = 8/10/2007 11:48:54 AM | Attr =	]
LegacyConsumers.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\LegacyConsumers.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 135168 bytes | Modified Date = 3/9/2007 3:30:02 AM | Attr =	]
Localisation.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Localisation.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 126976 bytes | Modified Date = 3/9/2007 3:44:10 AM | Attr =	]
Logging.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Logging.dll -> Sophos Plc [Ver = 1.0.0.3110 | Size = 462848 bytes | Modified Date = 4/2/2007 9:05:24 AM | Attr =	]
Persistance.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Persistance.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 98304 bytes | Modified Date = 3/9/2007 3:45:08 AM | Attr =	]
SavAdapter.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavAdapter.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 606208 bytes | Modified Date = 8/10/2007 11:48:38 AM | Attr =	]
SavShellExt.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavShellExt.dll -> Sophos Plc [Ver = 1.0.0.3110 | Size = 315392 bytes | Modified Date = 4/2/2007 8:59:18 AM | Attr =	]
ScanEditExports.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ScanEditExports.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 29184 bytes | Modified Date = 3/9/2007 3:45:16 AM | Attr =	]
ScanEditFacade.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ScanEditFacade.dll -> Sophos Plc [Ver = 1.0.0.3733 | Size = 188416 bytes | Modified Date = 8/23/2007 10:32:28 AM | Attr =	]
ScanManagement.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ScanManagement.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 237568 bytes | Modified Date = 8/10/2007 11:56:02 AM | Attr =	]
Security.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Security.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 114688 bytes | Modified Date = 3/9/2007 3:33:40 AM | Attr =	]
SIPSManagement.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SIPSManagement.dll -> Sophos Plc [Ver = 1.0.0.3731 | Size = 499712 bytes | Modified Date = 8/16/2007 7:33:54 AM | Attr =	]
SophtainerAdapter.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SophtainerAdapter.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 110592 bytes | Modified Date = 8/10/2007 11:56:10 AM | Attr =	]
SystemInformation.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SystemInformation.dll -> Sophos Plc [Ver = 1.0.0.3731 | Size = 147456 bytes | Modified Date = 8/16/2007 7:34:32 AM | Attr =	]
ThreatDetection.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ThreatDetection.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 393216 bytes | Modified Date = 8/10/2007 11:57:02 AM | Attr =	]
ThreatManagement.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ThreatManagement.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 557056 bytes | Modified Date = 8/10/2007 11:58:34 AM | Attr =	]
Translators.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Translators.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 204800 bytes | Modified Date = 3/9/2007 3:26:52 AM | Attr =	]
VirusDetection.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\VirusDetection.dll -> Sophos Plc [Ver = 1.0.0.3731 | Size = 446464 bytes | Modified Date = 8/16/2007 7:35:10 AM | Attr =	]
msxml4.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\SXS\msxml4.dll -> Microsoft Corporation [Ver = 4.20.9818.0 | Size = 1233920 bytes | Modified Date = 4/18/2003 12:46:22 PM | Attr =	]
msxml4r.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\SXS\msxml4r.dll -> Microsoft Corporation [Ver = 4.10.9404.0 | Size = 82432 bytes | Modified Date = 4/18/2003 12:29:26 PM | Attr =	]
msxml4.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\System\msxml4.dll -> Microsoft Corporation [Ver = 4.20.9818.0 | Size = 1233920 bytes | Modified Date = 4/18/2003 12:46:22 PM | Attr =	]
msxml4a.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\System\msxml4a.dll -> Microsoft Corporation [Ver = 4.10.9404.0 | Size = 44544 bytes | Modified Date = 4/18/2003 12:29:26 PM | Attr =	]
msxml4r.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\System\msxml4r.dll -> Microsoft Corporation [Ver = 4.10.9404.0 | Size = 82432 bytes | Modified Date = 4/18/2003 12:29:26 PM | Attr =	]
CidSync.dll -> C:\WINDOWS\Temp\sotmp1.dir\CidSync.dll -> SOPHOS Plc [Ver = 2.0.49.6 | Size = 225280 bytes | Modified Date = 11/24/2005 10:31:14 AM | Attr =	]
Config.dll -> C:\WINDOWS\Temp\sotmp1.dir\Config.dll -> SOPHOS Plc [Ver = 1.0.33.1 | Size = 102400 bytes | Modified Date = 11/24/2005 10:31:15 AM | Attr =	]
InstlMgr.dll -> C:\WINDOWS\Temp\sotmp1.dir\InstlMgr.dll ->  [Ver = 1.0.3.1 | Size = 86016 bytes | Modified Date = 11/24/2005 10:31:23 AM | Attr =	]
libeay32.dll -> C:\WINDOWS\Temp\sotmp1.dir\libeay32.dll ->  [Ver =  | Size = 798720 bytes | Modified Date = 7/2/2005 6:15:33 AM | Attr =	]
Logger.dll -> C:\WINDOWS\Temp\sotmp1.dir\Logger.dll ->  [Ver = 1.0.7.1 | Size = 266240 bytes | Modified Date = 11/24/2005 10:31:19 AM | Attr =	]
MSVCP71.DLL -> C:\WINDOWS\Temp\sotmp1.dir\MSVCP71.DLL -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 7/2/2005 6:15:26 AM | Attr =	]
MSVCR71.DLL -> C:\WINDOWS\Temp\sotmp1.dir\MSVCR71.DLL -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 7/2/2005 6:15:36 AM | Attr =	]
SharedRes.dll -> C:\WINDOWS\Temp\sotmp1.dir\SharedRes.dll -> SOPHOS Plc [Ver = 1.2.33.0 | Size = 13312 bytes | Modified Date = 11/24/2005 10:28:21 AM | Attr =	]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =	]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =	]
scf.dat -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\scf.dat ->  [Ver =  | Size = 2970 bytes | Modified Date = 10/18/2007 12:08:46 PM | Attr =	]
HIPSConfig-1-0-4.dat -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\HIPSConfig-1-0-4.dat ->  [Ver =  | Size = 2812 bytes | Modified Date = 8/10/2007 5:16:06 AM | Attr =	]
vdl.dat -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\vdl.dat ->  [Ver =  | Size = 500443 bytes | Modified Date = 10/10/2007 10:29:15 AM | Attr =	]
scf.dat -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\scf.dat ->  [Ver =  | Size = 2915 bytes | Modified Date = 9/20/2007 8:15:29 AM | Attr =	]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =	]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8L3BGQV1\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9FPPJOL6\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OYLMOPK2\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\VJJ1BXDG\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/22/2008 12:06:56 AM | Attr =	]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 1/21/2008 11:15:33 PM | Attr =	]
DESKTOP.INI -> %UserDocuments%\DESKTOP.INI ->  [Ver =  | Size = 83 bytes | Modified Date = 1/21/2008 11:15:21 PM | Attr =  HS]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/21/2008 11:15:21 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/21/2008 11:15:21 PM | Attr = R  ]
fixes -> %UserDesktop%\fixes ->  [Folder | Modified Date = 1/22/2008 2:41:27 PM | Attr =	]
Microsoft Office Word 2003.lnk -> %UserDesktop%\Microsoft Office Word 2003.lnk ->  [Ver =  | Size = 2497 bytes | Modified Date = 1/25/2008 11:10:23 AM | Attr =	]
OWA email.url -> %UserDesktop%\OWA email.url ->  [Ver =  | Size = 350 bytes | Modified Date = 1/28/2008 1:26:07 PM | Attr =	]
phone directory -> %UserDesktop%\phone directory ->  [Folder | Modified Date = 1/3/2008 11:21:10 AM | Attr =	]
Price book -> %UserDesktop%\Price book ->  [Folder | Modified Date = 1/7/2008 10:30:33 AM | Attr =	]
prints -> %UserDesktop%\prints ->  [Folder | Modified Date = 1/24/2008 3:32:32 PM | Attr =	]
renderings -> %UserDesktop%\renderings ->  [Folder | Modified Date = 1/25/2008 3:03:31 PM | Attr =	]
Reports and Tracking -> %UserDesktop%\Reports and Tracking ->  [Folder | Modified Date = 1/23/2008 12:06:48 PM | Attr =	]
Rockofages.com.url -> %UserDesktop%\Rockofages.com.url ->  [Ver =  | Size = 191 bytes | Modified Date = 1/28/2008 10:37:27 AM | Attr =	]
scan.bmp -> %UserDesktop%\scan.bmp ->  [Ver =  | Size = 9670566 bytes | Modified Date = 1/24/2008 10:15:14 AM | Attr =	]
Toms documents -> %UserDesktop%\Toms documents ->  [Folder | Modified Date = 1/24/2008 10:16:18 AM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 1/28/2008 1:30:29 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478982 bytes | Modified Date = 1/28/2008 1:29:51 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 1/21/2008 10:06:52 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 1/22/2008 12:03:57 AM | Attr =	]

< End of report >


#4 OldTimer

Posted 28 January 2008 - 03:57 PM

Hi 250gibson. Ok, let's get started. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\vd3_sys.dat []
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YY -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console]
YY -> {653D93AF-C741-4e5e-8C1B-59BA43F93E16}:Exec -> [Panda ActiveScan]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YY -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console]
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 250gibson

Posted 28 January 2008 - 08:26 PM

Ok, I tried cutting and pasting the fix per your instructions in step 2. I let the fix run for 20 minutes and checked the Task Manager, which said the WinPFind35U program was not responding. I ended the program with the Task Manager and had to restart the computer in order to bring up the desktop. There were two icons on my desktop, hpothb07.tiff and hpothb07.dat (they were transparent). I ran the SUPERAntiSpyware program and it found 98 tracking cookies and 1 trojan.

Here is the SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/28/2008 at 06:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 01:41:40

Memory items scanned : 419
Memory threats detected : 0
Registry items scanned : 5364
Registry threats detected : 0
File items scanned : 55352
File threats detected : 99

Adware.Tracking Cookie

Trojan.WindowsUpdate
C:\PROGRAM FILES\COMMON FILES\SYSTEM\SVCHOST.EXE

Here is a new WinPFind35U report:

WinPFind35 logfile created on: 1/28/2008 8:22:35 PM
WinPFind35U Version Beta39	 Folder = C:\Documents and Settings\christiansen\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
 
383.23 Mb Total Physical Memory | 126.04 Mb Available Physical Memory | 32.89% Memory free
919.38 Mb Paging File | 623.58 Mb Available in Paging File | 67.83% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.87 Gb Total Space | 15.73 Gb Free Space | 56.44% Space Free | Partition Type: NTFS
Drive D: | 217.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ROARET021
Current User Name: christiansen
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 389120 bytes | Modified Date = 8/31/2004 9:38:00 PM | Attr =	]
savservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> Sophos Plc [Ver = 1.0.0.3755 | Size = 98304 bytes | Modified Date = 11/12/2007 12:08:37 PM | Attr =	]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 5:02:40 PM | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 5:05:10 PM | Attr =	]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 5:12:32 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
basfipm.exe -> %System32%\BAsfIpM.exe -> Broadcom Corp. [Ver = 6.0.3 | Size = 77824 bytes | Modified Date = 4/17/2003 1:00:12 PM | Attr =	]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 5:02:04 PM | Attr =	]
savadminservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 69632 bytes | Modified Date = 8/10/2007 11:46:23 AM | Attr =	]
alsvc.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> Sophos Plc [Ver = 3.7.18.131 | Size = 172032 bytes | Modified Date = 4/3/2007 2:28:46 AM | Attr =	]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 45 | Size = 389120 bytes | Modified Date = 9/7/2004 5:08:02 PM | Attr =	]
1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 1, 33 | Size = 245760 bytes | Modified Date = 9/7/2004 5:03:40 PM | Attr =	]
ati2evxx.exe -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 389120 bytes | Modified Date = 8/31/2004 9:38:00 PM | Attr =	]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe ->  [Ver = 1, 0, 0, 1 | Size = 610304 bytes | Modified Date = 10/7/2004 8:44:14 PM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 2:49:00 PM | Attr =	]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]
almon.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> Sophos Plc [Ver = 3.10.54.138 | Size = 245760 bytes | Modified Date = 6/21/2007 5:18:00 AM | Attr =	]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 6:28:24 PM | Attr =	]
nkvmon.exe -> %ProgramFiles%\Nikon\NkView6\NkvMon.exe -> Nikon Corporation [Ver = 6, 0, 0, 3000 | Size = 237568 bytes | Modified Date = 12/4/2002 10:52:48 AM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 1/28/2008 12:03:42 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 389120 bytes | Modified Date = 8/31/2004 9:38:00 PM | Attr =	]
(BAsfIpM) Broadcom ASF IP monitoring service v6.0.3 [Win32_Own | Auto | Running] -> %System32%\BAsfIpM.exe -> Broadcom Corp. [Ver = 6.0.3 | Size = 77824 bytes | Modified Date = 4/17/2003 1:00:12 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 5:02:40 PM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 11:14:36 AM | Attr =	]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 5:02:04 PM | Attr =	]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 5:05:10 PM | Attr =	]
(SAVAdminService) Sophos Anti-Virus status reporter [Win32_Own | Unknown | Running] ->  -> File not found
(SAVService) Sophos Anti-Virus [Win32_Own | Unknown | Running] ->  -> File not found
(Sophos AutoUpdate Service) Sophos AutoUpdate Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> Sophos Plc [Ver = 3.7.18.131 | Size = 172032 bytes | Modified Date = 4/3/2007 2:28:46 AM | Attr =	]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 5:12:32 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %System32%\DRIVERS\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.1.0.1 | Size = 17056 bytes | Modified Date = 2/22/2005 10:49:16 PM | Attr =	]
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 2:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr =	]
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.5.1.271 | Size = 108791 bytes | Modified Date = 11/16/2004 11:03:52 AM | Attr =	]
(APPDRV) APPDRV [Kernel | System | Running] -> %System32%\DRIVERS\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 6/30/2004 11:39:36 AM | Attr =	]
(asc) asc [Kernel | Boot | Running] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 2:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Boot | Running] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 2:51:58 PM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6476 | Size = 788480 bytes | Modified Date = 8/31/2004 9:40:00 PM | Attr =	]
(b57w2k) Broadcom 570x Gigabit Integrated Controller [Kernel | On_Demand | Running] -> %System32%\DRIVERS\b57xp32.sys -> Broadcom Corporation [Ver = 6.64.0.0 built by: WinDDK | Size = 175360 bytes | Modified Date = 5/21/2003 7:47:12 PM | Attr =	]
(BASFND) BASFND [Kernel | Auto | Running] -> %System32%\DRIVERS\BASFND.sys -> Broadcom Corporation [Ver = 6.0.0.0 | Size = 6025 bytes | Modified Date = 4/24/2003 5:21:50 PM | Attr =	]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %System32%\DRIVERS\cdr4_xp.sys -> Roxio [Ver = 5.3.4.21 | Size = 61424 bytes | Modified Date = 12/17/2002 1:32:58 PM | Attr =	]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %System32%\DRIVERS\cdralw2k.sys -> Roxio [Ver = 5.3.4.21 | Size = 23436 bytes | Modified Date = 12/17/2002 1:32:46 PM | Attr =	]
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %System32%\DRIVERS\cdudf_xp.sys -> Roxio [Ver = 5.3.4.21 built by: WinDDK | Size = 241152 bytes | Modified Date = 12/17/2002 1:27:32 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 2:51:54 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 2:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMBOOT.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\DMIO.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(DS1410D) DS1410D [Kernel | Auto | Running] -> %System32%\DRIVERS\DS1410D.SYS -> Dallas Semiconductor MAXIM [Ver = 3, 0, 0, 0 | Size = 6689 bytes | Modified Date = 7/7/2005 2:17:22 PM | Attr =	]
(DS2490) DS2490 (USB Host for 1-Wire Network) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\DS2490.sys -> Dallas Semiconductor MAXIM [Ver = 0.0082 | Size = 50036 bytes | Modified Date = 7/7/2005 2:17:20 PM | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\Dvd_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 25898 bytes | Modified Date = 2/22/2005 10:56:07 PM | Attr =	]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\E100B325.SYS -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 1:12:10 PM | Attr =	]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 7/28/2005 8:11:20 PM | Attr =	]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 7/28/2005 8:11:20 PM | Attr =	]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 7/28/2005 8:11:21 PM | Attr =	]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 200064 bytes | Modified Date = 6/17/2004 4:57:02 PM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 6/17/2004 4:55:04 PM | Attr =	]
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\iwca.sys -> Intel Corporation [Ver = 9.00.0.17 built by: WinDDK | Size = 234496 bytes | Modified Date = 8/12/2004 9:44:04 AM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 1:04:14 PM | Attr =	]
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %System32%\DRIVERS\Mmc_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 30630 bytes | Modified Date = 2/22/2005 10:56:07 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\NV4_MINI.SYS -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 11:29:56 PM | Attr =	]
(O2SCBUS) O2Micro SmartCardBus Reader [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ozscr.sys -> O2Micro [Ver = 3, 0, 0, 1 | Size = 91823 bytes | Modified Date = 7/9/2004 2:47:54 PM | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 2/13/2004 11:46:00 AM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %System32%\DRIVERS\pwd_2K.sys -> Roxio [Ver = 5.3.4.59 | Size = 143834 bytes | Modified Date = 2/22/2005 10:56:07 PM | Attr =	]
(ql1080) ql1080 [Kernel | Boot | Running] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Boot | Running] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Boot | Running] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 2:52:18 PM | Attr =	]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\DRIVERS\s24trans.sys -> Intel Corporation [Ver = 9, 0, 0, 3 | Size = 11354 bytes | Modified Date = 8/31/2004 9:53:04 AM | Attr =	]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr =	]
(SAVOnAccessControl) SAVOnAccessControl [File_System | System | Running] -> %System32%\DRIVERS\savonaccesscontrol.sys -> Sophos Plc [Ver = 3.7.2.250 | Size = 101120 bytes | Modified Date = 9/10/2007 7:09:23 AM | Attr =	]
(SAVOnAccessFilter) SAVOnAccessFilter [File_System | System | Running] -> %System32%\DRIVERS\savonaccessfilter.sys -> Sophos Plc [Ver = 3.7.2.250 | Size = 33408 bytes | Modified Date = 9/10/2007 7:08:52 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %System32%\DRIVERS\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr =	]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr =	]
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %System32%\DRIVERS\stac97.sys -> SigmaTel, Inc. [Ver = 5.10.3952 | Size = 264440 bytes | Modified Date = 11/15/2004 4:37:52 PM | Attr =	]
(symc810) symc810 [Kernel | Boot | Running] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 3:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 3:07:36 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 3:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 3:07:42 PM | Attr =	]
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %System32%\DRIVERS\udfreadr_xp.sys -> Roxio [Ver = 5.3.4.60 built by: WinDDK | Size = 206464 bytes | Modified Date = 2/22/2005 10:56:07 PM | Attr =	]
(ultra) ultra [Kernel | Boot | Running] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 2:52:22 PM | Attr =	]
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\w29n51.sys -> Intel® Corporation [Ver = 9000-61 Driver | Size = 3210496 bytes | Modified Date = 10/21/2004 4:56:04 PM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 6/17/2004 4:55:38 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:55 PM | Attr =	]
Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe ->  [Ver = 1, 0, 0, 1 | Size = 610304 bytes | Modified Date = 10/7/2004 8:44:14 PM | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 2:49:00 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\AutoUpdate Monitor.lnk -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> Sophos Plc [Ver = 3.10.54.138 | Size = 245760 bytes | Modified Date = 6/21/2007 5:18:00 AM | Attr =	]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 6:28:24 PM | Attr =	]
%AllUsersStartup%\NkvMon.exe.lnk -> %ProgramFiles%\Nikon\NkView6\NkvMon.exe -> Nikon Corporation [Ver = 6, 0, 0, 3000 | Size = 237568 bytes | Modified Date = 12/4/2002 10:52:48 AM | Attr =	]
< christiansen Startup Folder > -> C:\Documents and Settings\christiansen\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL -> %ProgramFiles%\Sophos\Sophos Anti-Virus\sophos_detoured.dll ->  [Ver =  | Size = 172032 bytes | Modified Date = 11/12/2007 1:34:04 PM | Attr =	]
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe																																																										  "C:\Program Files\Common Files\System\svchost.exe" -> explorer.exe																																																										  "%CommonProgramFiles%\System\svchost.exe -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]
AtiExtEvent -> %System32%\ati2evxx.dll ->  [Ver =  | Size = 86016 bytes | Modified Date = 8/31/2004 9:38:00 PM | Attr =	]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 9/7/2004 5:08:06 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dell.com -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.dell.com/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1593 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{653D93AF-C741-4e5e-8C1B-59BA43F93E16}:Exec ->  [Panda ActiveScan] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1F44C0FB-303F-4C43-8FAE-98163AAC2F8F} ->	(Broadcom 570x Gigabit Integrated Controller) -> 
{A59EAF9B-26D0-4833-9668-6D1FFD11419B} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc2.cab[Office Update Installation Engine] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110162971524[WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}[HKEY_LOCAL_MACHINE] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx[Get_ActiveX Control] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://rockofages.webex.com/client/T23L/webex/ieatgpc.cab[GpcContainer Class] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %System32%\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1124 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\SCECLI.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\NTMARTA.DLL [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\SYSTEM32\IISSUBA.DLL [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 31164 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\IPNATHLP.DLL [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 3.8.0.5004 | Size = 405583 bytes | Modified Date = 1/4/2005 10:50:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 3.8.0.5004 | Size = 962638 bytes | Modified Date = 1/4/2005 10:49:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 5:59:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll [139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll [445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll [137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll [138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\WUAUSERV.DLL [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\REGSVC.DLL [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\SYSTEM32\TLNTSVR.EXE [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Created Date = 1/21/2008 9:26:47 PM | Attr =	]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Created Date = 1/22/2008 1:24:32 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/22/2008 1:25:07 PM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Created Date = 1/21/2008 11:09:25 PM | Attr =	]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 1/22/2008 1:24:36 PM | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 1/22/2008 1:24:35 PM | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 1/22/2008 1:24:37 PM | Attr =	]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 1/22/2008 1:25:07 PM | Attr =	]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 1/21/2008 11:06:33 PM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 1/21/2008 11:06:16 PM | Attr =  H ]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 1/21/2008 11:07:03 PM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 1/21/2008 11:11:35 PM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 1/21/2008 11:02:45 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 1/22/2008 12:49:41 PM | Attr =  H ]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 1/21/2008 11:09:29 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/22/2008 12:05:19 AM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 1/28/2008 4:05:47 PM | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 1/28/2008 4:05:13 PM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 1/28/2008 4:05:17 PM | Attr =	]
fixes -> %UserDesktop%\fixes ->  [Folder | Created Date = 1/22/2008 2:40:46 PM | Attr =	]
scan.bmp -> %UserDesktop%\scan.bmp ->  [Ver =  | Size = 9670566 bytes | Created Date = 1/24/2008 10:15:25 AM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 1/28/2008 1:30:29 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478982 bytes | Created Date = 1/28/2008 1:29:50 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 1/28/2008 4:05:22 PM | Attr =  H ]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Modified Date = 1/22/2008 2:14:10 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 401911808 bytes | Modified Date = 1/28/2008 8:00:49 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/28/2008 4:05:13 PM | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/22/2008 10:58:36 PM | Attr =	]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Modified Date = 1/22/2008 1:25:36 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 1/21/2008 11:04:04 PM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/28/2008 5:02:38 PM | Attr =	]
CONFIG -> %System32%\CONFIG ->  [Folder | Modified Date = 1/21/2008 11:09:34 PM | Attr =	]
DLLCACHE -> %System32%\DLLCACHE ->  [Folder | Modified Date = 1/22/2008 4:57:57 PM | Attr = RHS]
DRIVERS -> %System32%\DRIVERS ->  [Folder | Modified Date = 1/22/2008 12:05:27 AM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 1/21/2008 11:12:03 PM | Attr =	]
FxsTmp -> %System32%\FxsTmp ->  [Folder | Modified Date = 1/24/2008 10:15:19 AM | Attr =	]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 1/22/2008 1:24:37 PM | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 1/22/2008 1:24:36 PM | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 1/22/2008 1:24:37 PM | Attr =	]
WPA.DBL -> %System32%\WPA.DBL ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/28/2008 10:06:46 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/22/2008 10:28:13 AM | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 1/21/2008 11:06:33 PM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 1/21/2008 11:06:16 PM | Attr =  H ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/28/2008 8:00:52 PM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 1/28/2008 10:09:50 AM | Attr =  HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/22/2008 1:24:33 PM | Attr =   S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/21/2008 11:14:53 PM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 1/21/2008 11:08:52 PM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 1/21/2008 11:11:35 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 1/21/2008 11:12:39 PM | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 1/22/2008 4:58:09 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/28/2008 4:05:21 PM | Attr =  HS]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 1/21/2008 11:09:12 PM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 1/22/2008 11:09:01 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 1/22/2008 12:49:41 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/28/2008 4:30:04 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 1/24/2008 4:16:14 PM | Attr =  H ]
SYSTEM32 -> %System32% ->  [Folder | Modified Date = 1/25/2008 3:03:32 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 1/28/2008 8:01:53 PM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 1/21/2008 11:09:29 PM | Attr =	]
WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 727 bytes | Modified Date = 1/22/2008 1:46:10 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/28/2008 8:01:04 PM | Attr =  H ]
Spybot - Search & Destroy -  Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy -  Scheduled Task.job ->  [Ver =  | Size = 344 bytes | Modified Date = 1/28/2008 4:26:44 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 1/22/2008 10:28:34 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 1/22/2008 10:28:34 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 3/6/2005 9:52:41 PM | Attr =	]
TD76J.com%2Fsearch%3Fp%3Dmyspace%26fr%3Dyfp-t-501%26toggle%3D1%26cop%3Dmss%26ei%3DUTF-8&cc=-383&flash=8&u_h=840&u_w=1120&u_ah=840&u_aw=1120&u_cd=32&u_tz=-240&u_his=3&u_java=true -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\0HAVOPEZ\TD76J.com -> File not found
GPInstall.exe -> C:\Documents and Settings\christiansen\Local Settings\Temp\GPInstall.exe -> Qsc [Ver = 5.0.3.32 | Size = 796672 bytes | Modified Date = 7/15/2005 10:36:23 AM | Attr =	]
rw2_021_w02_enu.exe -> C:\Documents and Settings\christiansen\Local Settings\Temp\rw2_021_w02_enu.exe -> Hewlett-Packard Company [Ver = AIO_002_004_001_021_web_1.0 | Size = 174207416 bytes | Modified Date = 3/7/2007 5:09:09 PM | Attr =	]
795 C:\Documents and Settings\christiansen\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\christiansen\Local Settings\Temp\*.tmp -> 
IsUninst.Exe -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.Exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 10/29/1998 3:45:06 PM | Attr =	]
IsUninst.Exe -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\IsUninst.Exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 10/29/1998 3:45:06 PM | Attr =	]
IsUninst.Exe -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\IsUninst.Exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 10/29/1998 3:45:06 PM | Attr =	]
ZDataI51.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\ZDataI51.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/23/2005 2:33:52 PM | Attr =	]
_WUTL951.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\_WUTL951.DLL -> InstallShield Software Corporation [Ver = 5, 50, 132, 0 | Size = 46592 bytes | Modified Date = 9/23/2005 2:33:52 PM | Attr =	]
1360ca5.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\1360ca5.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 9/22/1998 6:05:48 PM | Attr =	]
Ctl3d32.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/13/1995 5:46:26 PM | Attr =	]
ZDataI51.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\ZDataI51.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/23/2005 2:34:27 PM | Attr =	]
_WUTL951.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\_WUTL951.DLL -> InstallShield Software Corporation [Ver = 5, 50, 132, 0 | Size = 46592 bytes | Modified Date = 9/23/2005 2:34:27 PM | Attr =	]
13692b5.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\13692b5.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 9/22/1998 6:05:48 PM | Attr =	]
Ctl3d32.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/13/1995 5:46:26 PM | Attr =	]
ZDataI51.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\ZDataI51.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 9/23/2005 2:35:04 PM | Attr =	]
_WUTL951.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\_WUTL951.DLL -> InstallShield Software Corporation [Ver = 5, 50, 132, 0 | Size = 46592 bytes | Modified Date = 9/23/2005 2:35:04 PM | Attr =	]
1372191.DLL -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\1372191.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 9/22/1998 6:05:48 PM | Attr =	]
Ctl3d32.dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/13/1995 5:46:26 PM | Attr =	]
eBayISAPI[1].dll -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L2FCDE7\eBayISAPI[1].dll ->  [Ver =  | Size = 7437 bytes | Modified Date = 3/15/2007 4:57:29 PM | Attr =	]
index.dat -> C:\Documents and Settings\christiansen\Local Settings\Temp\Cookies\index.dat ->  [Ver =  | Size = 49152 bytes | Modified Date = 6/18/2007 3:41:55 PM | Attr =	]
index.dat -> C:\Documents and Settings\christiansen\Local Settings\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 114688 bytes | Modified Date = 6/18/2007 3:41:55 PM | Attr =	]
index.dat -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 1392640 bytes | Modified Date = 6/18/2007 3:41:55 PM | Attr =	]
RunTime.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\RunTime.ini ->  [Ver =  | Size = 578 bytes | Modified Date = 6/26/2007 8:50:44 AM | Attr =	]
{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini ->  [Ver =  | Size = 643 bytes | Modified Date = 12/27/2007 11:29:52 AM | Attr =	]
795 C:\Documents and Settings\christiansen\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\christiansen\Local Settings\Temp\*.tmp -> 
Corecomp.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 1/12/1999 10:48:42 AM | Attr =	]
Corecomp.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 1/12/1999 10:48:42 AM | Attr =	]
Corecomp.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\Corecomp.ini ->  [Ver =  | Size = 28290 bytes | Modified Date = 1/12/1999 10:48:42 AM | Attr =	]
settings.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\GLF4.tmp\settings.ini ->  [Ver =  | Size = 237 bytes | Modified Date = 2/17/2006 3:09:25 PM | Attr =	]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\0HAVOPEZ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\4LQNWPQJ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L2FCDE7\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\christiansen\Local Settings\Temp\Temporary Internet Files\Content.IE5\GH6B496N\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/15/2007 3:55:57 PM | Attr =  HS]
ALUpdate.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ALUpdate.exe -> Sophos Plc [Ver = 5.4.13.143 | Size = 602112 bytes | Modified Date = 8/1/2007 7:53:07 AM | Attr =	]
ConfigureSAV.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\ConfigureSAV.exe ->  [Ver =  | Size = 94208 bytes | Modified Date = 8/13/2007 11:59:52 AM | Attr =	]
sav32cli.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\sav32cli.exe -> Sophos Plc [Ver = 2.09.000 | Size = 203832 bytes | Modified Date = 10/1/2007 5:15:45 AM | Attr =	]
SAVAdminService.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 69632 bytes | Modified Date = 8/10/2007 11:46:23 AM | Attr =	]
SAVCleanupService.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SAVCleanupService.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 90112 bytes | Modified Date = 3/9/2007 3:28:15 AM | Attr =	]
SavService.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavService.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 98304 bytes | Modified Date = 8/10/2007 11:46:14 AM | Attr =	]
BackgroundScanClient.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\BackgroundScanClient.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 45624 bytes | Modified Date = 3/9/2007 3:50:06 AM | Attr =	]
SavMain.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavMain.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 1997880 bytes | Modified Date = 8/10/2007 11:58:38 AM | Attr =	]
SavProgress.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavProgress.exe -> Sophos Plc [Ver = 1.0.0.3730 | Size = 556088 bytes | Modified Date = 8/10/2007 11:58:40 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\Win2K\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 17920 bytes | Modified Date = 3/9/2007 3:56:37 AM | Attr =	]
native.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinLH_AMD64\native.exe ->  [Ver =  | Size = 40448 bytes | Modified Date = 4/2/2007 9:23:26 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinLH_AMD64\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 22528 bytes | Modified Date = 3/9/2007 3:56:19 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinLH_i386\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 17920 bytes | Modified Date = 3/9/2007 3:56:37 AM | Attr =	]
native.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinLH_IA64\native.exe ->  [Ver =  | Size = 78336 bytes | Modified Date = 4/2/2007 9:23:30 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinLH_IA64\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 46080 bytes | Modified Date = 3/9/2007 3:56:28 AM | Attr =	]
native.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinXP_AMD64\native.exe ->  [Ver =  | Size = 40448 bytes | Modified Date = 4/2/2007 9:23:26 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinXP_AMD64\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 22528 bytes | Modified Date = 3/9/2007 3:56:19 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinXP_i386\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 17920 bytes | Modified Date = 3/9/2007 3:56:37 AM | Attr =	]
native.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinXP_IA64\native.exe ->  [Ver =  | Size = 78336 bytes | Modified Date = 4/2/2007 9:23:30 AM | Attr =	]
SophosBootTasks.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\WinXP_IA64\SophosBootTasks.exe -> Sophos Plc [Ver = 1.0.0.3090 | Size = 46080 bytes | Modified Date = 3/9/2007 3:56:28 AM | Attr =	]
ALUpdate.exe -> C:\WINDOWS\Temp\sotmp1.dir\ALUpdate.exe -> Sophos plc [Ver = 3.4.27.1 | Size = 184320 bytes | Modified Date = 11/24/2005 10:31:27 AM | Attr =	]
boost_date_time-vc71-mt-1_32.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll ->  [Ver =  | Size = 45056 bytes | Modified Date = 4/2/2007 4:07:13 AM | Attr =	]
ChannelUpdater.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ChannelUpdater.dll -> Sophos Plc [Ver = 1.0.7.143 | Size = 94208 bytes | Modified Date = 8/1/2007 7:52:32 AM | Attr =	]
CidSync.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\CidSync.dll -> Sophos Plc [Ver = 3.2.3.131 | Size = 176128 bytes | Modified Date = 4/10/2007 11:00:36 AM | Attr =	]
crypto.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\crypto.dll ->  [Ver =  | Size = 20480 bytes | Modified Date = 4/3/2007 2:17:01 AM | Attr =	]
InstlMgr.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\InstlMgr.dll ->  [Ver = 1.0.3.1 | Size = 86016 bytes | Modified Date = 3/21/2006 2:38:51 PM | Attr =	]
libcurl.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\libcurl.dll -> The cURL library, http://curl.haxx.se/ [Ver = 7.15.0 | Size = 159744 bytes | Modified Date = 1/11/2007 9:31:51 AM | Attr =	]
libeay32.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\libeay32.dll ->  [Ver =  | Size = 745472 bytes | Modified Date = 3/30/2007 10:12:11 AM | Attr =	]
Logger.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\Logger.dll ->  [Ver = 1.0.7.1 | Size = 266240 bytes | Modified Date = 3/21/2006 2:38:48 PM | Attr =	]
MSVCP71.DLL -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\MSVCP71.DLL -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 7/2/2005 6:15:26 AM | Attr =	]
MSVCR71.DLL -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\MSVCR71.DLL -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 7/2/2005 6:15:36 AM | Attr =	]
retailer.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\retailer.dll -> Sophos Plc [Ver = 1.1.7.144 | Size = 208896 bytes | Modified Date = 8/1/2007 7:52:03 AM | Attr =	]
SharedRes.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\SharedRes.dll -> Sophos Plc [Ver = 1.4.38.131 | Size = 18432 bytes | Modified Date = 4/3/2007 2:24:06 AM | Attr =	]
xmlcpp.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmlcpp.dll ->  [Ver =  | Size = 14336 bytes | Modified Date = 4/3/2007 2:17:03 AM | Attr =	]
xmlparse.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmlparse.dll ->  [Ver =  | Size = 57344 bytes | Modified Date = 3/30/2007 10:05:41 AM | Attr =	]
xmltok.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmltok.dll ->  [Ver =  | Size = 73728 bytes | Modified Date = 3/30/2007 10:04:58 AM | Attr =	]
detoured.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\detoured.dll -> Sophos Plc [Ver = 1.0.0.3741 | Size = 173056 bytes | Modified Date = 9/21/2007 5:56:35 AM | Attr =	]
osdp.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\osdp.dll -> Sophos Plc [Ver = 1.37.1501 | Size = 94208 bytes | Modified Date = 10/1/2007 5:05:42 AM | Attr =	]
savi.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\savi.dll -> Sophos Plc [Ver = 6.2.0.0300 | Size = 385024 bytes | Modified Date = 10/1/2007 5:05:35 AM | Attr =	]
Setup.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\Setup.dll -> Sophos Plc [Ver = 1.0.0.3741 | Size = 712704 bytes | Modified Date = 9/21/2007 5:50:30 AM | Attr =	]
veex.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\veex.dll -> Sophos Plc [Ver = 2.51.0.0300 | Size = 1568768 bytes | Modified Date = 10/1/2007 5:09:13 AM | Attr =	]
SAVPosturePlugin.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\Common\Cisco Systems\CiscoTrustAgent\Plugins\Install\SAVPosturePlugin.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 102400 bytes | Modified Date = 3/9/2007 3:28:41 AM | Attr =	]
Categories.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Categories.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 7168 bytes | Modified Date = 3/9/2007 3:56:05 AM | Attr =	]
msvcp71.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\msvcp71.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 3/19/2003 12:14:51 AM | Attr =	]
msvcr71.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\msvcr71.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 2/21/2003 7:42:21 AM | Attr =	]
SAVMSCM.DLL -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SAVMSCM.DLL -> Sophos Plc [Ver = 2.00.1501 | Size = 110592 bytes | Modified Date = 10/1/2007 5:24:49 AM | Attr =	]
SavNeutralRes.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavNeutralRes.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 651264 bytes | Modified Date = 3/9/2007 3:52:32 AM | Attr =	]
SavRes.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavRes.dll -> Sophos Plc [Ver = 1.0.0.3732 | Size = 466944 bytes | Modified Date = 8/21/2007 10:29:59 AM | Attr =	]
SavResChs.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResChs.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 151552 bytes | Modified Date = 5/18/2007 10:24:50 AM | Attr =	]
SavResCht.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResCht.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 151552 bytes | Modified Date = 5/18/2007 10:25:29 AM | Attr =	]
SavResDeu.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResDeu.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 163840 bytes | Modified Date = 5/18/2007 10:26:08 AM | Attr =	]
SavResEng.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResEng.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 151552 bytes | Modified Date = 5/18/2007 10:18:01 AM | Attr =	]
SavResEsp.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResEsp.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 155648 bytes | Modified Date = 5/18/2007 10:27:27 AM | Attr =	]
SavResFra.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResFra.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 163840 bytes | Modified Date = 5/18/2007 10:26:48 AM | Attr =	]
SavResIt.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResIt.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 163840 bytes | Modified Date = 5/18/2007 10:28:07 AM | Attr =	]
SavResJap.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavResJap.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 151552 bytes | Modified Date = 5/18/2007 10:28:47 AM | Attr =	]
SavShellExtIa64.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavShellExtIa64.dll -> Sophos Plc [Ver = 1.0.0.3110 | Size = 1186304 bytes | Modified Date = 4/2/2007 9:25:22 AM | Attr =	]
SavShellExtX64.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\SavShellExtX64.dll -> Sophos Plc [Ver = 1.0.0.3110 | Size = 742912 bytes | Modified Date = 4/2/2007 9:24:28 AM | Attr =	]
AuthorisedLists.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\AuthorisedLists.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 147456 bytes | Modified Date = 8/10/2007 11:45:38 AM | Attr =	]
BackgroundScanning.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\BackgroundScanning.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 77824 bytes | Modified Date = 3/9/2007 3:47:20 AM | Attr =	]
ComponentManager.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ComponentManager.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 81920 bytes | Modified Date = 3/9/2007 3:29:16 AM | Attr =	]
Configuration.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Configuration.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 274432 bytes | Modified Date = 8/10/2007 11:49:26 AM | Attr =	]
DesktopMessaging.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\DesktopMessaging.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 327680 bytes | Modified Date = 5/18/2007 9:23:04 AM | Attr =	]
DriveProcessor.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\DriveProcessor.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 147456 bytes | Modified Date = 3/9/2007 3:25:12 AM | Attr =	]
EEConsumer.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\EEConsumer.dll -> Sophos Plc [Ver = 1.0.0.3170 | Size = 110592 bytes | Modified Date = 6/25/2007 10:09:12 AM | Attr =	]
FilterProcessors.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\FilterProcessors.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 233472 bytes | Modified Date = 8/10/2007 11:56:42 AM | Attr =	]
FSDecomposer.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\FSDecomposer.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 98304 bytes | Modified Date = 8/10/2007 11:56:50 AM | Attr =	]
ICAdapter.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ICAdapter.dll -> Sophos Plc [Ver = 1.0.0.3130 | Size = 98304 bytes | Modified Date = 5/18/2007 9:22:12 AM | Attr =	]
ICManagement.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ICManagement.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 274432 bytes | Modified Date = 8/10/2007 11:47:00 AM | Attr =	]
ICProcessors.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ICProcessors.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 258048 bytes | Modified Date = 8/10/2007 11:48:54 AM | Attr =	]
LegacyConsumers.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\LegacyConsumers.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 135168 bytes | Modified Date = 3/9/2007 3:30:02 AM | Attr =	]
Localisation.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Localisation.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 126976 bytes | Modified Date = 3/9/2007 3:44:10 AM | Attr =	]
Logging.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Logging.dll -> Sophos Plc [Ver = 1.0.0.3110 | Size = 462848 bytes | Modified Date = 4/2/2007 9:05:24 AM | Attr =	]
Persistance.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Persistance.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 98304 bytes | Modified Date = 3/9/2007 3:45:08 AM | Attr =	]
SavAdapter.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavAdapter.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 606208 bytes | Modified Date = 8/10/2007 11:48:38 AM | Attr =	]
SavShellExt.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SavShellExt.dll -> Sophos Plc [Ver = 1.0.0.3110 | Size = 315392 bytes | Modified Date = 4/2/2007 8:59:18 AM | Attr =	]
ScanEditExports.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ScanEditExports.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 29184 bytes | Modified Date = 3/9/2007 3:45:16 AM | Attr =	]
ScanEditFacade.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ScanEditFacade.dll -> Sophos Plc [Ver = 1.0.0.3733 | Size = 188416 bytes | Modified Date = 8/23/2007 10:32:28 AM | Attr =	]
ScanManagement.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ScanManagement.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 237568 bytes | Modified Date = 8/10/2007 11:56:02 AM | Attr =	]
Security.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Security.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 114688 bytes | Modified Date = 3/9/2007 3:33:40 AM | Attr =	]
SIPSManagement.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SIPSManagement.dll -> Sophos Plc [Ver = 1.0.0.3731 | Size = 499712 bytes | Modified Date = 8/16/2007 7:33:54 AM | Attr =	]
SophtainerAdapter.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SophtainerAdapter.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 110592 bytes | Modified Date = 8/10/2007 11:56:10 AM | Attr =	]
SystemInformation.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\SystemInformation.dll -> Sophos Plc [Ver = 1.0.0.3731 | Size = 147456 bytes | Modified Date = 8/16/2007 7:34:32 AM | Attr =	]
ThreatDetection.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ThreatDetection.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 393216 bytes | Modified Date = 8/10/2007 11:57:02 AM | Attr =	]
ThreatManagement.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\ThreatManagement.dll -> Sophos Plc [Ver = 1.0.0.3730 | Size = 557056 bytes | Modified Date = 8/10/2007 11:58:34 AM | Attr =	]
Translators.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\Translators.dll -> Sophos Plc [Ver = 1.0.0.3090 | Size = 204800 bytes | Modified Date = 3/9/2007 3:26:52 AM | Attr =	]
VirusDetection.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\Module Retargetable Folder\VirusDetection.dll -> Sophos Plc [Ver = 1.0.0.3731 | Size = 446464 bytes | Modified Date = 8/16/2007 7:35:10 AM | Attr =	]
msxml4.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\SXS\msxml4.dll -> Microsoft Corporation [Ver = 4.20.9818.0 | Size = 1233920 bytes | Modified Date = 4/18/2003 12:46:22 PM | Attr =	]
msxml4r.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\SXS\msxml4r.dll -> Microsoft Corporation [Ver = 4.10.9404.0 | Size = 82432 bytes | Modified Date = 4/18/2003 12:29:26 PM | Attr =	]
msxml4.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\System\msxml4.dll -> Microsoft Corporation [Ver = 4.20.9818.0 | Size = 1233920 bytes | Modified Date = 4/18/2003 12:46:22 PM | Attr =	]
msxml4a.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\System\msxml4a.dll -> Microsoft Corporation [Ver = 4.10.9404.0 | Size = 44544 bytes | Modified Date = 4/18/2003 12:29:26 PM | Attr =	]
msxml4r.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\System\msxml4r.dll -> Microsoft Corporation [Ver = 4.10.9404.0 | Size = 82432 bytes | Modified Date = 4/18/2003 12:29:26 PM | Attr =	]
CidSync.dll -> C:\WINDOWS\Temp\sotmp1.dir\CidSync.dll -> SOPHOS Plc [Ver = 2.0.49.6 | Size = 225280 bytes | Modified Date = 11/24/2005 10:31:14 AM | Attr =	]
Config.dll -> C:\WINDOWS\Temp\sotmp1.dir\Config.dll -> SOPHOS Plc [Ver = 1.0.33.1 | Size = 102400 bytes | Modified Date = 11/24/2005 10:31:15 AM | Attr =	]
InstlMgr.dll -> C:\WINDOWS\Temp\sotmp1.dir\InstlMgr.dll ->  [Ver = 1.0.3.1 | Size = 86016 bytes | Modified Date = 11/24/2005 10:31:23 AM | Attr =	]
libeay32.dll -> C:\WINDOWS\Temp\sotmp1.dir\libeay32.dll ->  [Ver =  | Size = 798720 bytes | Modified Date = 7/2/2005 6:15:33 AM | Attr =	]
Logger.dll -> C:\WINDOWS\Temp\sotmp1.dir\Logger.dll ->  [Ver = 1.0.7.1 | Size = 266240 bytes | Modified Date = 11/24/2005 10:31:19 AM | Attr =	]
MSVCP71.DLL -> C:\WINDOWS\Temp\sotmp1.dir\MSVCP71.DLL -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 7/2/2005 6:15:26 AM | Attr =	]
MSVCR71.DLL -> C:\WINDOWS\Temp\sotmp1.dir\MSVCR71.DLL -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 7/2/2005 6:15:36 AM | Attr =	]
SharedRes.dll -> C:\WINDOWS\Temp\sotmp1.dir\SharedRes.dll -> SOPHOS Plc [Ver = 1.2.33.0 | Size = 13312 bytes | Modified Date = 11/24/2005 10:28:21 AM | Attr =	]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =	]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =	]
scf.dat -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\scf.dat ->  [Ver =  | Size = 2970 bytes | Modified Date = 10/18/2007 12:08:46 PM | Attr =	]
HIPSConfig-1-0-4.dat -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\HIPSConfig-1-0-4.dat ->  [Ver =  | Size = 2812 bytes | Modified Date = 8/10/2007 5:16:06 AM | Attr =	]
vdl.dat -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\vdl.dat ->  [Ver =  | Size = 500443 bytes | Modified Date = 10/10/2007 10:29:15 AM | Attr =	]
scf.dat -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\1195964710\program files\Sophos\Sophos Anti-Virus\scf.dat ->  [Ver =  | Size = 2915 bytes | Modified Date = 9/20/2007 8:15:29 AM | Attr =	]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =	]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8L3BGQV1\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9FPPJOL6\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OYLMOPK2\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\VJJ1BXDG\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/22/2008 12:06:56 AM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 1/28/2008 4:05:47 PM | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 1/28/2008 4:05:13 PM | Attr =	]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 1/21/2008 11:15:33 PM | Attr =	]
DESKTOP.INI -> %UserDocuments%\DESKTOP.INI ->  [Ver =  | Size = 83 bytes | Modified Date = 1/21/2008 11:15:21 PM | Attr =  HS]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/21/2008 11:15:21 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/21/2008 11:15:21 PM | Attr = R  ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 1/28/2008 4:05:18 PM | Attr =	]
fixes -> %UserDesktop%\fixes ->  [Folder | Modified Date = 1/28/2008 4:05:59 PM | Attr =	]
Microsoft Office Word 2003.lnk -> %UserDesktop%\Microsoft Office Word 2003.lnk ->  [Ver =  | Size = 2497 bytes | Modified Date = 1/25/2008 11:10:23 AM | Attr =	]
OWA email.url -> %UserDesktop%\OWA email.url ->  [Ver =  | Size = 350 bytes | Modified Date = 1/28/2008 3:47:00 PM | Attr =	]
phone directory -> %UserDesktop%\phone directory ->  [Folder | Modified Date = 1/3/2008 11:21:10 AM | Attr =	]
Price book -> %UserDesktop%\Price book ->  [Folder | Modified Date = 1/7/2008 10:30:33 AM | Attr =	]
prints -> %UserDesktop%\prints ->  [Folder | Modified Date = 1/24/2008 3:32:32 PM | Attr =	]
renderings -> %UserDesktop%\renderings ->  [Folder | Modified Date = 1/25/2008 3:03:31 PM | Attr =	]
Reports and Tracking -> %UserDesktop%\Reports and Tracking ->  [Folder | Modified Date = 1/23/2008 12:06:48 PM | Attr =	]
Rockofages.com.url -> %UserDesktop%\Rockofages.com.url ->  [Ver =  | Size = 191 bytes | Modified Date = 1/28/2008 10:37:27 AM | Attr =	]
scan.bmp -> %UserDesktop%\scan.bmp ->  [Ver =  | Size = 9670566 bytes | Modified Date = 1/24/2008 10:15:14 AM | Attr =	]
Toms documents -> %UserDesktop%\Toms documents ->  [Folder | Modified Date = 1/24/2008 10:16:18 AM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 1/28/2008 4:09:28 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478982 bytes | Modified Date = 1/28/2008 1:29:51 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 1/28/2008 6:35:16 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 1/28/2008 4:04:23 PM | Attr =	]

< End of report >

There was no .log file in the Moved Files folder.
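The report lines above all follow one layout: name, path, company, then a bracketed block with version, size, modified date and attributes. As an added example (not part of the original post, and not WinPFind's own logic), this sketch parses that layout and lists entries a helper might look at first. The triage rule (executable file, empty company field, Temp path, recently modified) and the sample lines are constructed assumptions for illustration.

```python
import re
from datetime import datetime

# Layout seen in the report:
#   name -> path -> company [Ver = v | Size = n bytes | Modified Date = d | Attr = a]
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<company>.*?)\s*"
    r"\[Ver =(?P<ver>.*?)\| Size = (?P<size>\d+) bytes \| "
    r"Modified Date = (?P<modified>.+?) \| Attr =(?P<attr>.*)\]\s*$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr")

# Assumed cut-off for "recently modified"; pick one that suits the case at hand.
SINCE = datetime(2008, 1, 1)


def parse_entry(line):
    """Parse one file entry; return None for folder lines, headers and summaries."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return {
        "name": m["name"],
        "path": m["path"],
        "company": m["company"].strip(),
        "version": m["ver"].strip(),
        "size": int(m["size"]),
        "modified": datetime.strptime(m["modified"], "%m/%d/%Y %I:%M:%S %p"),
        "attr": m["attr"].strip(),  # e.g. "HS" for hidden + system
    }


def triage(lines, since=SINCE):
    """Return (flagged entries, count of lines that are not file entries).

    Flagged means: executable extension, no company name in the version
    resource, located under a Temp directory, modified on or after `since`.
    A flag is a reason to look closer, not a verdict.
    """
    flagged, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            skipped += 1
            continue
        path = entry["path"].lower()
        if (
            "\\temp\\" in path
            and path.endswith(EXECUTABLE_EXT)
            and not entry["company"]
            and entry["modified"] >= since
        ):
            flagged.append(entry)
    return flagged, skipped


# Constructed sample lines in the report's layout (not taken from the log above).
SAMPLE_REPORT = r"""
ALUpdate.exe -> C:\WINDOWS\Temp\vendor_update.dir\ALUpdate.exe -> Example Vendor Plc [Ver = 5.4.13.143 | Size = 602112 bytes | Modified Date = 8/1/2007 7:53:07 AM | Attr = ]
helper.dll -> C:\WINDOWS\Temp\vendor_update.dir\helper.dll ->  [Ver =  | Size = 20480 bytes | Modified Date = 4/3/2007 2:17:01 AM | Attr = ]
sample1.exe -> C:\Documents and Settings\user\Local Settings\Temp\sample1.exe ->  [Ver =  | Size = 40448 bytes | Modified Date = 1/20/2008 9:23:26 PM | Attr = ]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/21/2008 8:36:53 PM | Attr = ]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 3/6/2005 8:36:53 PM | Attr =  HS]
fixes -> %UserDesktop%\fixes ->  [Folder | Modified Date = 1/28/2008 4:05:59 PM | Attr = ]
""".strip().splitlines()


if __name__ == "__main__":
    hits, not_files = triage(SAMPLE_REPORT)
    for e in hits:
        print(f"{e['modified']:%Y-%m-%d}  {e['size']:>8}  {e['path']}")
    print(f"{not_files} line(s) were not file entries")
```

Unsigned helper files inside a vendor's own update directory are common, so the date filter and a look at the parent folder matter as much as the empty company field.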

#6 OldTimer

Posted 28 January 2008 - 09:02 PM

Hi 250gibson. No, there wouldn't have been a log file if WPF35 wasn't permitted to finish. Windows always says it is not responding. It's just moving files.

In any case, everything looks fine. Let's finish things up.

First, let's reset your hidden/system files and folders since WPF35 was not allowed to do that at the end. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • CHECK Turn off System Restore.
    • Click Apply, and then click OK.
  • Restart your computer.
  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore.
    • Click Apply, and then click OK.
System Restore will now be active again.

To remove all of the tools we used and the files and folders they created do the following:
  • Start WinPFind35
  • Click the CleanUp button
  • WinPFind35 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • WinPFind35 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
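
The folder-view and System Restore changes described in the post above can be confirmed from the registry instead of the dialogs, which helps when a change made in a dialog did not stick. This is an added example, not part of the original post or of OldTimer's tools; it assumes PowerShell is installed on the machine and that the standard Windows XP value names (`Hidden`, `ShowSuperHidden`, `DisableSR`) apply.

```powershell
# Added example: read-only audit of the settings the post asks the user to apply.
# Nothing is written to the registry; mismatches are only reported.

$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$restore  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'

$checks = @(
    # Hidden: 1 = show hidden files and folders, 2 = do not show them
    @{ Name = 'Show hidden files and folders is unselected'
       Path = $explorer; Value = 'Hidden'; Expected = 2 },
    # ShowSuperHidden: 0 = hide protected operating system files, 1 = show them
    @{ Name = 'Hide protected operating system files is checked'
       Path = $explorer; Value = 'ShowSuperHidden'; Expected = 0 },
    # DisableSR: 1 = System Restore turned off, 0 = turned on
    @{ Name = 'System Restore is turned back on'
       Path = $restore; Value = 'DisableSR'; Expected = 0 }
)

function Test-Setting($check) {
    $item = Get-ItemProperty -Path $check.Path -Name $check.Value -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: Windows is using its default, so confirm in the dialog.
        return 'NOT SET (check the dialog)'
    }
    $valueName = $check.Value
    $actual = $item.$valueName
    if ($actual -eq $check.Expected) {
        return 'OK'
    }
    return "MISMATCH (found $actual, expected $($check.Expected))"
}

foreach ($c in $checks) {
    '{0,-50} {1}' -f $c.Name, (Test-Setting $c)
}
```

A `MISMATCH` on either of the first two lines means the Folder Options change was not applied for the current user; a `MISMATCH` on the third means System Restore is still turned off and no new restore point can be created.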


#7 250gibson

250gibson
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:42 PM

Posted 28 January 2008 - 11:23 PM

Thank you, everything seems to be working fine now, although I have one question. I noticed the transparent icons appeared back on my desktop. I looked into my computer, and now the show hidden icons is selected, and the hide protected operating system files (recommended) is unchecked. Should these items still be selected? Is it ok to delete the transparent icons hpothb07.tiff and hpothb07.dat?

Thanks again for all your help

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:02:42 PM

Posted 28 January 2008 - 11:52 PM

Hi 250gibson. Follow my directions in the post above to rehide them.

Cheers.

OT

#9 250gibson

250gibson
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:42 PM

Posted 28 January 2008 - 11:55 PM

Ok, I must not have clicked apply the first time.

Thanks, again

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:02:42 PM

Posted 29 January 2008 - 11:04 AM

You are very welcome 250gibson, I'm glad we could help.

I will now close this topic. If you have any new malware-related issues in the future, please start a new topic.

Cheers and Happy Computing!

OT